The Wayback Machine - https://web.archive.org/web/20200903025613/https://github.com/caddyserver/caddy/issues/3562
Skip to content

/ caddy

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE][v2]: Provide a new "allow_list" to the log filter #3562

Open
danlsgiga opened this issue Jul 8, 2020 · 4 comments
Open

[FEATURE][v2]: Provide a new "allow_list" to the log filter #3562

danlsgiga opened this issue Jul 8, 2020 · 4 comments
Labels
feature request help wanted
Milestone
2.x

Comments

@danlsgiga
Copy link

@danlsgiga danlsgiga commented Jul 8, 2020

I'm in a current dilemma regarding my logs in Caddy v2.1.1...

I'm planning to have structured logs using the json encoder. I tried it but the chances of having sensitive info leaking in the logs is pretty high because a lot of our apps use multiple headers like Authorization: X-Auth-Token:, etc and due to compliance concerns, I can't (and don't want to) be managing what headers I delete via the delete log filter.

That being said, it would be nice to have some kind of log filter in place to allow only a predefined list of headers to be logged.

Example: The only header I care of at the moment is the User-Agent. So, having something like the log config below would be super nice to filter anything else but the User-Agent in the request.headers json block

{"logging": {
  "logs": {
    "log0": {
      "encoder": {
        "format": "filter",
        "wrap": "json",
        "fields": {          
          "request>headers": {
            "filter": "delete"
          },
          "request>headers>User-Agent": {
            "filter": "<the_name_of_the_new_filter>"
          }
        }
      }
    }
  }
}
@mholt mholt added this to the 2.x milestone Jul 8, 2020
@francislavoie
Copy link
Member

@francislavoie francislavoie commented Jul 8, 2020
edited

See the ip_mask filter, you can specify options on a filter. I think what we want is an "except" option on the delete filter. That way we don't need to worry about ordering of the filters.
@danlsgiga
Copy link
Author

@danlsgiga danlsgiga commented Jul 8, 2020

Would that work if I delete the request>headers and have except = request>headers>Referer for example?

If yes, definitely simpler and way better ;)
@danlsgiga
Copy link
Author

@danlsgiga danlsgiga commented Jul 8, 2020

Also, except should be an array
@francislavoie
Copy link
Member

@francislavoie francislavoie commented Jul 8, 2020

Yeah that's what I'm thinking. An "except" option that takes an array of fields to keep after deleting, and those fields must be subfields of the one being deleted, I guess.
@utilitynerd utilitynerd mentioned this issue Aug 31, 2020
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request help wanted
Projects
None yet
Milestone
2.x
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@mholt @danlsgiga @francislavoie
You can’t perform that action at this time.